Solved

snmp error in packet. reason noaccess

Posted on 2016-09-17
30
75 Views
Last Modified: 2016-09-22
Hello Expert,

I try to use snmpset with below command

snmpset -v 3 -c public -u netadmin -l authPriv -a MD5 -A password localhost .1.3.6.1.4.1.88888.1.9.1.1.2 s "111111"

the OID .1.3.6.1.4.1.88888.1.9.1.1.2 is read-write

Thank you.
0
Comment
Question by:trazodone
  • 20
  • 10
30 Comments
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
Comment Utility
The SNMP community public is a read-only and should not be changed.
Make sure you have a read/write community and it is used with the -c parameter.
You are using snmpv3.
Check whether when using snmpv3 specifying a community is necessary.
Exclude the -c public and see if the behavior changes
0
 

Author Comment

by:trazodone
Comment Utility
I used command sudo ./snmpwalk -v 3 -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1

and I have got info SNMPv2-SMI::enterprises.88888.1.7.1.0 = Hex-STRING: 00

Next, I tried to snmpset the OID .1.3.6.1.4.1.88888.1.7.1.0

sudo ./snmpset -v 3 -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0 s "OPEN"
Error in packet.
Reason: noAccess
Failed object: SNMPv2-SMI::enterprises.88888.1.7.1.0

without -c public. I have got the same error

I am wondering it seems OID .1.3.6.1.4.1.88888.1.7.1.0 dows not exist?

Thank you.
0
 

Author Comment

by:trazodone
Comment Utility
Additional

I tried snmpget and seems OID .1.3.6.1.4.1.88888.1.7.1.0 exist

sudo ./snmpget -v 3 -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0
SNMPv2-SMI::enterprises.88888.1.7.1.0 = Hex-STRING: 00
0
 

Author Comment

by:trazodone
Comment Utility
Data types ids hex-string so I tried with option x

sudo ./snmpset -v 3 -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0 x "OPEN"
.1.3.6.1.4.1.88888.1.7.1.0: Bad value notation (OPEN)

and

sudo ./snmpset -v 3 -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0 x "0x2D"
Error in packet.
Reason: noAccess

Not success :)
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
Comment Utility
You do not need to run sudo, since you are using snmpv3 with auth.

Have not had a chance to check whether the OID you are trying to update ......

Do you have the option, to configure a read/write community as well as use snmpv2 to perform the same set attempt?
0
 

Author Comment

by:trazodone
Comment Utility
Without sudo

 ./snmpset -v 3 -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0 x "01"
Error in packet.
Reason: noAccess
Failed object: SNMPv2-SMI::enterprises.88888.1.7.1.0

without sudo with -v 2c

./snmpset -v 2c -c public -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0 x "01"
Timeout: No Response from localhost

look better but timeout

Will you plese guide how  to configure a read/write community?

Thank you
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
Comment Utility
Try s instead of X when setting 'open'

String, hex data.
Try s '0x2D' as the new value.
0
 

Author Comment

by:trazodone
Comment Utility
./snmpset -v 2c -c public -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0 x "0x2D"
Timeout: No Response from localhost
0
 

Author Comment

by:trazodone
Comment Utility
My snmpd.conf contains

rouser netadmin
rouser netadmin
rwcommunity public

Restart snmpd and snmpset is timeout

Thanks
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
Comment Utility
Public should never be set as rw community.

Your netadmin are set as read only user which ....


Within snmpd.conf there is a seccontext

Common,y, there is a commented section dealing with defining community as read-write.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
Comment Utility
Com2sec use this to define snmpv2 community, network.

com2sec local any newscommunity

Do you have rwuser netadmin ? Instead of rouser?
0
 

Author Comment

by:trazodone
Comment Utility
No I don't have rwuser netadmin and the snmpd.conf is empty file
0
 

Author Comment

by:trazodone
Comment Utility
I just modified rwuser netadmin. Restart snmpd and result is timeout. How do I add com2sec?

Thank you.
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
Comment Utility
Where did you get the snmpd.conf which linux OS are you working on.

Usually the snmpd.conf includes an example settings but by default it is set to minimal information
snmpwalk -v 2c -s public localhost will only output the bare minimum, system name, system location, system operator

it indicates that additional configuration is needed using the com2sec where you can define different community strings, groups and networks from which it can be queried.

rwuser netadmin
versus  
rouser netadmin as you posted should change the behavior.....

but snmpd.conf should not be empty, this is where all the OID are defined .....
0
 

Author Comment

by:trazodone
Comment Utility
I add

#       sec.name  source          community
com2sec local     localhost       COMMUNITY

to snmpd.conf

Result=timeout
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:trazodone
Comment Utility
Command

 ./snmpwalk -v 2c -c public localhost
Timeout: No Response from localhost

Location of file snmpd.conf

/usr/local/share/snmp/snmpd.conf

This file may not be a correct snmpd.conf I am finding other snmpd.conf
0
 

Author Comment

by:trazodone
Comment Utility
I found snmpd.conf example file which contains com2sec. How can I bring this file to be a snmpd.conf of snmpd application?

File located here
/home/tee/alarmbox/applications/net-snmp-5.7.3/python/netsnmp/tests/snmpd.conf
0
 

Author Comment

by:trazodone
Comment Utility
My linux

uname -a
Linux ubuntu 3.13.0-74-generic #118~precise1-Ubuntu SMP Fri Dec 18 10:39:27 UTC 2015 i686 i686 i386 GNU/Linux
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
Comment Utility
often, the snmpd.conf file is in /etc/snmp/snmpd.conf

http://manpages.ubuntu.com/manpages/wily/man5/snmpd.conf.5.html

try the following, run
snmpconf -g basec_setup

This is a perl script that will prompt you for information and then will create the snmpd.conf file.......
0
 

Author Comment

by:trazodone
Comment Utility
I used snmpconf which create snmpd.conf at path

/usr/local/share/snmp

snmpd.conf content below

###########################################################################
#
# snmpd.conf
#
#   - created by the snmpconf configuration program
#









###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# rwuser: a SNMPv3 read-write user
#   arguments:  user [noauth|auth|priv] [restriction_oid]

rwuser  netadmin

# rwcommunity: a SNMPv1/SNMPv2c read-write access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rwcommunity  public
0
 

Author Comment

by:trazodone
Comment Utility
Update

tee@ubuntu:~/alarmbox/applications/net-snmp-5.7.3/apps$ ./snmpset -v 2c -c public -u netadmin -l authPriv -a MD5 -A password -x DES -X password 127.0.0.1 .1.3.6.1.4.1.88888.1.7.1.0 x "0x2D"
Error in packet.
Reason: notWritable (That object does not support modification)
Failed object: SNMPv2-SMI::enterprises.88888.1.7.1.0

I can confirm that files .c and .h config this OID read-write. Do you know how to check if OID can be modify?

Thank you.
0
 

Author Comment

by:trazodone
Comment Utility
My mistake the OID is read-only. Let me modify MIB file .c and .h and try again.

Thank you.
0
 

Author Comment

by:trazodone
Comment Utility
Hello I found another error

tee@ubuntu:/opt/snmp/bin$ ./snmpget -v 3 -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0
SNMPv2-SMI::enterprises.88888.1.7.1.0 = STRING: "UNKNOWN_STATUS"

tee@ubuntu:/opt/snmp/bin$ ./snmpset -v 2c -c public -u netadmin -l authPriv -a MD5 -A password -x DES -X password 127.0.0.1 .1.3.6.1.4.1.88888.1.7.1 s "OPEN"
Error in packet.
Reason: noCreation (That table does not support row creation or that object can not ever be created)
Failed object: SNMPv2-SMI::enterprises.88888.1.7.1

Thank you.
0
 

Author Comment

by:trazodone
Comment Utility
Finally

./snmpset -v 2c -c public -u netadmin -l authPriv -a MD5 -A password -x DES -X password 127.0.0.1 .1.3.6.1.4.1.88888.1.7.1.0 s "OPEN"
SNMPv2-SMI::enterprises.88888.1.7.1.0 = STRING: "OPEN"

Seems it is working but when I tried snmpget

tee@ubuntu:/opt/snmp/bin$ ./snmpget -v 2c -c public -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0
SNMPv2-SMI::enterprises.88888.1.7.1.0 = STRING: "UNKNOWN_STATUS"
tee@ubuntu:/opt/snmp/bin$

Do you have idea why it is "UNKNOWN_STATUS"

Thank you.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
In prior, the definition as hex string, open, is not valid. Your other attempts had 0x2D does setting that make a difference?
0
 

Author Comment

by:trazodone
Comment Utility
Hello

It is difference <mib>.c file so the x "0x2D" is not exist anymore. The new one is s "OPEN"

tee@ubuntu:/opt/snmp/bin$ ./snmpget -v 2c -c public -u netadmin -l authPriv -a MD5 -A password -x DES -X password localhost .1.3.6.1.4.1.88888.1.7.1.0
SNMPv2-SMI::enterprises.88888.1.7.1.0 = STRING: "UNKNOWN_STATUS"
tee@ubuntu:/opt/snmp/bin$
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
I do not know which MIB you are using, in your prior response, the field type was indicated as HEX: String....
nor whether this SNMP OID when open is set, triggers an event at which point the status of the item is unknown.
0
 

Author Comment

by:trazodone
Comment Utility
Hello Arnold,

Finally I is working once I config the snmpd.config with com2sec. Thank you. I will soon close this topic. Do you have additional info?
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Info? I have, ir think I have broad knowledge, need to understand what additional info or concern, considerations you have in mind.
0
 

Author Closing Comment

by:trazodone
Comment Utility
Thank you.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now